Jimmy John`s POS System Hacked; 216 Stores Affected

Jimmy John`s, a US-based food chain, confirmed its POS systems fell victim to a hacker who allegedly stole credit and debit card data from 261 stores, according to a press release posted on the company web site.

The intruder apparently stole log-in credentials from one of the chain`s point-of-sale vendors and used them to remotely access the POS systems of other franchise locations and implant malware. The breach occurred between June 2014 and September 2014. The company said it found out about the incident a month later.

Only cards swiped at Jimmy John`s locations were exposed. The compromised data may include the cardholder name, debit or credit card numbers, expiration date and the verification code.

Any personal information collected by the site, such as email addresses and passwords, “remains secure,” the company said. The chain also said it does not collect clients` Social Security numbers.

The company says it is investigating the incident and has taken steps to prevent other security breaches.

Jimmy John`s has taken steps to prevent this type of event from occurring in the future, including installing encrypted swipe machines, implementing system enhancements, and reviewing its policies and procedures for its third party vendors.

To help customers learn if they`ve been affected, the chain posted a list of restaurant locations impacted by the intrusion.